Merge pull request #3 from volodymyr-babak/feature/docker-ssl

Feature/docker ssl
2017-05-24 15:28:30 +03:00 · 2017-05-24 15:28:30 +03:00 · a3f85df1a7
commit a3f85df1a7
parent 0758b6643c 5da5a1a134
4 changed files with 32 additions and 21 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -19,12 +19,18 @@ server:
  address: "${HTTP_BIND_ADDRESS:0.0.0.0}"
  # Server bind port
  port: "${HTTP_BIND_PORT:8080}"
-# Uncomment the following section to enable ssl
-#  ssl:
-#    key-store: classpath:keystore/keystore.p12
-#    key-store-password: thingsboard
-#    keyStoreType: PKCS12
-#    keyAlias: tomcat
+  # Server SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
+    # Password used to access the key store
+    key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
+    # Type of the key store
+    key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}"
+    # Alias that identifies the key in the key store
+    key-alias: "${SSL_KEY_ALIAS:tomcat}"

 # Zookeeper connection parameters. Used for service discovery.
 zk:
@ -60,10 +66,10 @@ plugins:

 # JWT Token parameters
 security.jwt:
-  tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:9000000}" # Number of seconds (15 mins)
-  refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:36000000}" # Seconds (1 hour)
-  tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
-  tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
+  token-expiration-time: "${JWT_TOKEN_EXPIRATION_TIME:9000000}" # Number of seconds (15 mins)
+  refresh-token-exp-time: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:36000000}" # Seconds (1 hour)
+  token-issuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
+  token-signing-key: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"

 # Device communication protocol parameters
 http:
@ -72,19 +78,25 @@ http:
 # MQTT server parameters
 mqtt:
  bind_address: "${MQTT_BIND_ADDRESS:0.0.0.0}"
-  bind_port: "${MQTT_BIND_PORT:1883}"
+  bind_port: "${MQTT_BIND_PORT:1884}"
  adaptor: "${MQTT_ADAPTOR_NAME:JsonMqttAdaptor}"
  timeout: "${MQTT_TIMEOUT:10000}"
  netty:
    leak_detector_level: "${NETTY_LEASK_DETECTOR_LVL:DISABLED}"
    boss_group_thread_count: "${NETTY_BOSS_GROUP_THREADS:1}"
    worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
-# Uncomment the following lines to enable ssl for MQTT
-#  ssl:
-#    key_store: mqttserver.jks
-#    key_store_password: server_ks_password
-#    key_password: server_key_password
-#    key_store_type: JKS
+  # MQTT SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${MQTT_SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
+    # Password used to access the key store
+    key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}"
+    # Password used to access the key
+    key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
+    # Type of the key store
+    key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"

 # CoAP server parameters
 coap:
--- a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
@ -45,7 +45,6 @@ public class ServiceCacheConfiguration {
    @Value("${cache.device_credentials.time_to_live}")
    private Integer cacheDeviceCredentialsTTL;

-
    @Value("${zk.enabled}")
    private boolean zkEnabled;
    @Value("${zk.url}")
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -20,8 +20,8 @@ services:
  thingsboard:
    image: "thingsboard/application:1.2.3"
    ports:
-      - "8080:8080"
-      - "1883:1883"
+      - "8443:8443"
+      - "1884:1883"
      - "5683:5683/udp"
    env_file:
      - thingsboard.env
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
@ -41,7 +41,7 @@ import java.security.cert.X509Certificate;
 */
@Slf4j
@Component("MqttSslHandlerProvider")
-@ConditionalOnProperty(prefix = "mqtt.ssl", value = "key-store", havingValue = "", matchIfMissing = false)
+@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false)
 public class MqttSslHandlerProvider {

    public static final String TLS = "TLS";